diff --git a/api/clusters/v1alpha1/cluster_types.go b/api/clusters/v1alpha1/cluster_types.go
index 6d3f411..6341755 100644
--- a/api/clusters/v1alpha1/cluster_types.go
+++ b/api/clusters/v1alpha1/cluster_types.go
@@ -74,10 +74,10 @@ const (
 // +kubebuilder:selectablefield:JSONPath=".spec.profile"
 // +kubebuilder:printcolumn:JSONPath=".spec.purposes",name="Purposes",type=string
 // +kubebuilder:printcolumn:JSONPath=`.status.phase`,name="Phase",type=string
-// +kubebuilder:printcolumn:JSONPath=`.metadata.labels["clusters.openmcp.cloud/k8sversion"]`,name="Version",type=string
-// +kubebuilder:printcolumn:JSONPath=`.metadata.labels["clusters.openmcp.cloud/provider"]`,name="Provider",type=string
+// +kubebuilder:printcolumn:JSONPath=`.metadata.labels.clusters\.openmcp\.cloud/k8sversion`,name="Version",type=string
+// +kubebuilder:printcolumn:JSONPath=`.metadata.labels.clusters\.openmcp\.cloud/provider`,name="Provider",type=string
 // +kubebuilder:printcolumn:JSONPath=".spec.profile",name="Profile",type=string,priority=10
-// +kubebuilder:printcolumn:JSONPath=`.metadata.annotations["clusters.openmcp.cloud/providerinfo"]`,name="Info",type=string,priority=10
+// +kubebuilder:printcolumn:JSONPath=`.metadata.annotations.clusters\.openmcp\.cloud/providerinfo`,name="Info",type=string,priority=10
 // +kubebuilder:printcolumn:JSONPath=".status.apiServer",name="APIServer",type=string,priority=10
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp"
diff --git a/api/crds/manifests/clusters.openmcp.cloud_clusters.yaml b/api/crds/manifests/clusters.openmcp.cloud_clusters.yaml
index 2d77636..8c23557 100644
--- a/api/crds/manifests/clusters.openmcp.cloud_clusters.yaml
+++ b/api/crds/manifests/clusters.openmcp.cloud_clusters.yaml
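Review bot: The rewritten Version, Provider and Info markers in cluster_types.go depend on two details that nothing in the file records: the dots inside the label or annotation key have to be written as `\.`, and the JSONPath has to stay backtick-quoted so the backslashes reach the generated CRD unchanged (a double-quoted marker value would presumably need them escaped again). A one-line plain comment next to these markers would stop a later cleanup from reverting either, for example `// Keys containing dots are addressed with escaped dots; keep these JSONPaths in backticks.` The marker block starts and ends outside the hunk, so the comment has to be placed where it does not end up in the type's generated description. Separately, these three columns are read from labels and an annotation rather than from status, so `kubectl get` shows whatever was last written to metadata; it is worth confirming that only the controller is expected to set these keys, or stating in the column documentation that the values are informational.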
@@ -23,17 +23,17 @@ spec: - jsonPath: .status.phase name: Phase type: string - - jsonPath: .metadata.labels["clusters.openmcp.cloud/k8sversion"] + - jsonPath: .metadata.labels.clusters\.openmcp\.cloud/k8sversion name: Version type: string - - jsonPath: .metadata.labels["clusters.openmcp.cloud/provider"] + - jsonPath: .metadata.labels.clusters\.openmcp\.cloud/provider name: Provider type: string - jsonPath: .spec.profile name: Profile priority: 10 type: string - - jsonPath: .metadata.annotations["clusters.openmcp.cloud/providerinfo"] + - jsonPath: .metadata.annotations.clusters\.openmcp\.cloud/providerinfo name: Info priority: 10 type: string diff --git a/api/crds/manifests/core.openmcp.cloud_managedcontrolplanev2s.yaml b/api/crds/manifests/core.openmcp.cloud_managedcontrolplanev2s.yaml deleted file mode 100644 index 970d988..0000000 --- a/api/crds/manifests/core.openmcp.cloud_managedcontrolplanev2s.yaml +++ /dev/null 
@@ -1,375 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.18.0 - labels: - openmcp.cloud/cluster: onboarding - name: managedcontrolplanev2s.core.openmcp.cloud -spec: - group: core.openmcp.cloud - names: - kind: ManagedControlPlaneV2 - listKind: ManagedControlPlaneV2List - plural: managedcontrolplanev2s - shortNames: - - mcpv2 - singular: managedcontrolplanev2 - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.phase - name: Phase - type: string - name: v2alpha1 - schema: - openAPIV3Schema: - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - properties: - iam: - description: IAM contains the access management configuration for - the ManagedControlPlaneV2. - properties: - oidcProviders: - description: |- - OIDCProviders is a list of OIDC providers that should be configured for the ManagedControlPlaneV2. - They are independent of the standard OIDC provider and in addition to it, unless it has been disabled by not specifying any role bindings. - items: - properties: - clientID: - description: ClientID is the client ID to use for the OIDC - provider. 
- type: string - extraScopes: - description: ExtraScopes is a list of extra scopes that - should be requested from the OIDC provider. - items: - type: string - type: array - groupsClaim: - default: groups - description: |- - GroupsClaim is the claim in the OIDC token that contains the groups. - If empty, the default claim "groups" will be used. - type: string - groupsPrefix: - description: |- - GroupsPrefix is a prefix that will be added to all group names when referenced in RBAC rules. - This is required to avoid conflicts with Kubernetes built-in groups. - If the prefix does not end with a colon (:), it will be added automatically. - minLength: 1 - type: string - issuer: - description: Issuer is the issuer URL of the OIDC provider. - type: string - name: - description: |- - Name is the name of the OIDC provider. - May be used in k8s resources, therefore has to be a valid k8s name. - maxLength: 253 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*' - type: string - roleBindings: - description: |- - RoleBindings is a list of subjects with (cluster) role bindings that should be created for them. - Note that the username prefix is added automatically to the subjects' names, it must not be explicitly specified here. - items: - properties: - roleRefs: - description: |- - RoleRefs is a list of (cluster) role references that the subjects should be bound to. - Note that existence of the roles is not checked and missing (cluster) roles will result in ineffective (cluster) role bindings. - items: - description: RoleRef defines a reference to a (cluster) - role that should be bound to the subjects. - properties: - kind: - description: |- - Kind is the kind of the role to bind to the subjects. - It must be 'Role' or 'ClusterRole'. - enum: - - Role - - ClusterRole - type: string - name: - description: Name is the name of the role or - cluster role to bind to the subjects. 
- minLength: 1 - type: string - namespace: - description: |- - Namespace is the namespace of the role to bind to the subjects. - It must be set if the kind is 'Role' and may not be set if the kind is 'ClusterRole'. - type: string - required: - - kind - - name - type: object - type: array - subjects: - description: |- - Subjects is a list of subjects that should be bound to the specified roles. - The subjects' names will be prefixed with the username prefix of the OIDC provider. - items: - description: |- - Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, - or a value for non-objects such as user and group names. - properties: - apiGroup: - description: |- - APIGroup holds the API group of the referenced subject. - Defaults to "" for ServiceAccount subjects. - Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - type: string - kind: - description: |- - Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - If the Authorizer does not recognized the kind value, the Authorizer should report an error. - type: string - name: - description: Name of the object being referenced. - type: string - namespace: - description: |- - Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - the Authorizer should report an error. - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - type: array - required: - - roleRefs - - subjects - type: object - type: array - usernameClaim: - default: sub - description: |- - UsernameClaim is the claim in the OIDC token that contains the username. - If empty, the default claim "sub" will be used. - type: string - usernamePrefix: - description: |- - UsernamePrefix is a prefix that will be added to all usernames when referenced in RBAC rules. 
- This is required to avoid conflicts with Kubernetes built-in users. - If the prefix does not end with a colon (:), it will be added automatically. - minLength: 1 - type: string - required: - - clientID - - groupsPrefix - - issuer - - name - - roleBindings - - usernamePrefix - type: object - x-kubernetes-validations: - - message: OIDC provider name must not be 'default' as this - is reserved for the standard OIDC provider - rule: self.name != 'default' - type: array - roleBindings: - description: |- - RoleBindings is a list of subjects with (cluster) role bindings that should be created for them. - These bindings refer to the standard OIDC provider. If empty, the standard OIDC provider is disabled. - Note that the username prefix is added automatically to the subjects' names, it must not be explicitly specified here. - items: - properties: - roleRefs: - description: |- - RoleRefs is a list of (cluster) role references that the subjects should be bound to. - Note that existence of the roles is not checked and missing (cluster) roles will result in ineffective (cluster) role bindings. - items: - description: RoleRef defines a reference to a (cluster) - role that should be bound to the subjects. - properties: - kind: - description: |- - Kind is the kind of the role to bind to the subjects. - It must be 'Role' or 'ClusterRole'. - enum: - - Role - - ClusterRole - type: string - name: - description: Name is the name of the role or cluster - role to bind to the subjects. - minLength: 1 - type: string - namespace: - description: |- - Namespace is the namespace of the role to bind to the subjects. - It must be set if the kind is 'Role' and may not be set if the kind is 'ClusterRole'. - type: string - required: - - kind - - name - type: object - type: array - subjects: - description: |- - Subjects is a list of subjects that should be bound to the specified roles. - The subjects' names will be prefixed with the username prefix of the OIDC provider. 
- items: - description: |- - Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, - or a value for non-objects such as user and group names. - properties: - apiGroup: - description: |- - APIGroup holds the API group of the referenced subject. - Defaults to "" for ServiceAccount subjects. - Defaults to "rbac.authorization.k8s.io" for User and Group subjects. - type: string - kind: - description: |- - Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". - If the Authorizer does not recognized the kind value, the Authorizer should report an error. - type: string - name: - description: Name of the object being referenced. - type: string - namespace: - description: |- - Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty - the Authorizer should report an error. - type: string - required: - - kind - - name - type: object - x-kubernetes-map-type: atomic - type: array - required: - - roleRefs - - subjects - type: object - type: array - type: object - required: - - iam - type: object - status: - properties: - access: - additionalProperties: - description: LocalObjectReference is a reference to an object in - the same namespace as the resource referencing it. - properties: - name: - default: "" - description: |- - Name of the referent. - This field is effectively required, but due to backwards compatibility is - allowed to be empty. Instances of this type with an empty value here are - almost certainly wrong. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - type: string - type: object - x-kubernetes-map-type: atomic - description: |- - Access is a mapping from OIDC provider names to secret references. 
- Each referenced secret is expected to contain a 'kubeconfig' key with the kubeconfig that was generated for the respective OIDC provider for the ManagedControlPlaneV2. - The default OIDC provider, if configured, uses the name "default" in this mapping. - The "default" key is also used if the ClusterProvider does not support OIDC-based access and created a serviceaccount with a token instead. - type: object - conditions: - description: Conditions contains the conditions. - items: - description: Condition contains details for one aspect of the current - state of this API Resource. - properties: - lastTransitionTime: - description: |- - lastTransitionTime is the last time the condition transitioned from one status to another. - This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: |- - message is a human readable message indicating details about the transition. - This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: |- - observedGeneration represents the .metadata.generation that the condition was set based upon. - For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date - with respect to the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: |- - reason contains a programmatic identifier indicating the reason for the condition's last transition. - Producers of specific condition types may define expected values and meanings for this field, - and whether the values are considered a guaranteed API. - The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. 
- enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the generation of this resource - that was last reconciled by the controller. - format: int64 - type: integer - phase: - description: Phase is the current phase of the resource. - type: string - required: - - access - - observedGeneration - - phase - type: object - type: object - selectableFields: - - jsonPath: .status.phase - served: true - storage: true - subresources: - status: {}